#!/bin/posh
# shellcheck disable=1003,1091,2006,2016,2034,2039
# vim: set ts=2 sw=2 sts=2 fdm=marker fmr=#(,#) et:
#
# doc:
#
#  Copy this file to a new one with the same name of the cve to test, all in
# lowercase (i.e.: cve-2014–6271.sh).
#  Then add the code for the functions shown here. **ALL** functions must appear
# in the new created file, however the ones marked as 'optional' can be left
# with the same code than in 'skel.sh'. Inside the function, declare all the
# variables as 'local' (i.e.: local vuln_version="1.2.3")
#
#  NOTE: You can use here, functions and variables implemented in 'lse.sh':
#   * lse_get_pkg_version: Get package version supplying package name
#   * lse_is_version_bigger: Check if version in $1 is bigger than the $2
#   * $lse_arch: System architecture
#   * $lse_distro_codename: The linux distribution code name (ubuntu, debian,
#      opsuse, centos, redhat, fedora)
#   * $lse_linux: Kernel version
#   * Colors
#  XXX: Check the definitions in 'lse.sh' to better understand what they do and
#       how they work
#
################################################################################
## RULES:
##  * Do NOT cause any harm with the tests
##  * Try to be as accurate as possible, trying to detect patched versions from
##    distro package versions. Try to minimize false positives.
##  * The script must be POSIX compliant. Test it with 'posh' shell.
################################################################################


# lse_cve_level: 0 if leads to a privilege escalation; 1 for other CVEs
lse_cve_level=0

# lse_cve_id: CVE id in lowercase (i.e.: cve-2014–6271)
lse_cve_id="cve-2022-0847"

# lse_cve_description: Short. Not more than 52 characters long.
#__________________="vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv"
lse_cve_description="Dirty Pipe vulnerability"

lse_cve_test() { #(
  local kernel
  local kernel_distro
  kernel=$(uname -r | cut -d- -f1)
  kernel_distro=$(uname -r)
  v1=$(echo "$kernel" | cut -d '.' -f1)
  v2=$(echo "$kernel" | cut -d '.' -f2)
  v3=$(echo "$kernel" | cut -d '.' -f3)
  v1=${v1:-0};v2=${v2:-0};v3=${v3:-0};

  if [ "$v1" != 5 ] ||
    [ $((v2)) -lt 8 ] ||
    { [ "$v2" = 10 ] && [ $((v3)) -ge 102 ]; } ||
    { [ "$v2" = 15 ] && [ $((v3)) -ge 25 ]; } ||
    { [ "$v2" = 16 ] && [ $((v3)) -ge 11 ]; } ||
    [ $((v2)) -gt 16 ]
  then
    # Not vulnerable
    exit 1
  fi

  case "$lse_distro_codename" in
    debian)
      # get debian upstream kernel version
      kernel=$(uname -v | cut -d' ' -f4 | cut -d- -f1)
      lse_is_version_bigger "$kernel" "5.10.92" && exit 1
      ;;
    ubuntu)
      lse_is_version_bigger "$kernel_distro" "5.13.0-35.39" && exit 1
      ;;
    redhat)
      [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d=)
      kernel_package=$(lse_get_pkg_version kernel)
      case "$distro_release" in
        8.1)
          lse_is_version_bigger 4.18.0-147.64.1.el8_1 "$kernel_package" || exit 1
          ;;
        8.2)
          lse_is_version_bigger 4.18.0-193.79.1.el8_2 "$kernel_package" || exit 1
          ;;
        8.4)
          lse_is_version_bigger 4.18.0-305.40.2.el8_4 "$kernel_package" || exit 1
          ;;
        8.*)
          lse_is_version_bigger 4.18.0-348.20.1.el8_5 "$kernel_package" || exit 1
          ;;
        *)
          lse_is_version_bigger "$distro_release" 8 && exit 1
          ;;
      esac
      ;;
  esac

  # Vulnerable
  echo "Vulnerable! kernel version: $kernel_distro"
} #)

# Uncomment this line for testing the lse_cve_test function
#lse_NO_EXEC=true . ../lse.sh ; lse_cve_test
